General
-
Target
69c6a4da5c84e52c1a683cc95b97cd1c25efc670b10e284207c235db0aebc8a0
-
Size
2.4MB
-
Sample
241010-l4ktnaygnj
-
MD5
1427042cd3d8717890ad16095005c285
-
SHA1
03df1f7ed0c331748411575b89fc33d2206b1c13
-
SHA256
69c6a4da5c84e52c1a683cc95b97cd1c25efc670b10e284207c235db0aebc8a0
-
SHA512
5b0f8bab90fd3f9573a7c161b29731fd73c4128bf88ff799678a0a37d2b88dd373c1e1fe10e1c566be7436f4318e0bdb2a83cf1e9380b56f57d8359a4c4bc9db
-
SSDEEP
24576:7IG3ZA3L4hu5HIjxg6jlJvGr1Xso5KYD0Kw1WoZDFBdkHOiPjpciHTg6BqLmeP:5pA3L4BjBONYYD0VooJFpiPeQZqLm0
Static task
static1
Behavioral task
behavioral1
Sample
69c6a4da5c84e52c1a683cc95b97cd1c25efc670b10e284207c235db0aebc8a0.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
69c6a4da5c84e52c1a683cc95b97cd1c25efc670b10e284207c235db0aebc8a0.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
cobaltstrike
http://www.googleadservices.org:443/js/bg/li4oWrWOYuSi4ELfacFsfzG-VVTxEzGn5pW4NOt_Yvw.js
-
user_agent
Accept: */* Accept-Language: en-US,en;q=0.5 Host: www.googleadservices.org Referer: https://www.google.com/ Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36 Vivaldi/3.7aa.
Extracted
cobaltstrike
1
http://www.googleadservices.org:443/pagead/conversion/16521530460
-
access_type
512
-
beacon_type
2048
-
host
www.googleadservices.org,/pagead/conversion/16521530460
-
http_header1
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
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
jitter
9472
-
polling_time
45000
-
port_number
443
-
sc_process32
%windir%\syswow64\dllhost.exe
-
sc_process64
%windir%\sysnative\dllhost.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzt2smKL0MiHpXUwbBIEeovNMKBAQ5l1zjb7CONIOT8icsvZ184SeyzNF/wWZnltrw8wchIdj94xGmQ3r34btCCI4wEPcruDXKKeigWb/OhH6mDtlb6OgwlijRkBxM6nKjpgG8gxMd1VclVxICUczRmnxvYlp2nsPeENhgK11LOwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4.58888448e+08
-
unknown2
AAAABAAAAAEAAAL+AAAAAgAAAcIAAAANAAAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/pagead/p3p_full_policy.xml
-
user_agent
Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36 Vivaldi/3.7aa.
-
watermark
1
Targets
-
-
Target
69c6a4da5c84e52c1a683cc95b97cd1c25efc670b10e284207c235db0aebc8a0
-
Size
2.4MB
-
MD5
1427042cd3d8717890ad16095005c285
-
SHA1
03df1f7ed0c331748411575b89fc33d2206b1c13
-
SHA256
69c6a4da5c84e52c1a683cc95b97cd1c25efc670b10e284207c235db0aebc8a0
-
SHA512
5b0f8bab90fd3f9573a7c161b29731fd73c4128bf88ff799678a0a37d2b88dd373c1e1fe10e1c566be7436f4318e0bdb2a83cf1e9380b56f57d8359a4c4bc9db
-
SSDEEP
24576:7IG3ZA3L4hu5HIjxg6jlJvGr1Xso5KYD0Kw1WoZDFBdkHOiPjpciHTg6BqLmeP:5pA3L4BjBONYYD0VooJFpiPeQZqLm0
Score 10/10 -